2.1 Tracing Process Creation

The proc probes allow you to trace process creation and termination,
execution of new program images, and signal processing on a system. See proc
Provider in the Oracle Linux Dynamic Tracing Guide for a
description of the proc probes and their arguments.

The following D program, execcalls.d, uses proc
probes to monitor the system as it executes process images.

The args[0] argument to the exec probe is set to the
path name of the program being executed. We use the stringof() function to
convert the type from char * to the D type
string.

Before using dtrace to run the script, load the sdt
kernel module to enable the proc provider probes. (This is only necessary
if the module has not already been
loaded.)

# modprobe sdt

Enter the command dtrace -s execcalls.d to run the D program in one
window. Then start different programs from another window, and observe the output from
dtrace in the first window. To stop tracing after a few seconds have
elapsed, type Ctrl-C in the window that is running
dtrace.
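The same proc probes can be combined into a process-execution audit trail. The script below is an added example that goes beyond the single exec probe described above; it is not the guide's execcalls.d, and the file name execaudit.d is hypothetical. It pairs each exec request with the exec-success or exec-failure probe that follows on the same thread, so that failed attempts are recorded along with the user and parent process that made them.

```dtrace
/* execaudit.d (hypothetical name): added example, not the guide's execcalls.d */
#pragma D option quiet

/* exec fires when a new image is requested; args[0] is the path (char *). */
proc:::exec
{
        self->path = stringof(args[0]);
        self->pending = 1;
}

/* The exec completed: log who ran what, and count it per user and path. */
proc:::exec-success
/self->pending/
{
        printf("%Y uid=%d pid=%d ppid=%d ok %s\n",
            walltimestamp, uid, pid, ppid, self->path);
        @execs[uid, self->path] = count();
        self->path = 0;
        self->pending = 0;
}

/* The exec failed: args[0] is the errno value returned to the caller. */
proc:::exec-failure
/self->pending/
{
        printf("%Y uid=%d pid=%d ppid=%d FAILED errno=%d %s (caller %s)\n",
            walltimestamp, uid, pid, ppid, args[0], self->path, execname);
        @failed[uid, self->path, args[0]] = count();
        self->path = 0;
        self->pending = 0;
}

/* On Ctrl-C, print per-user summaries of successful and failed execs. */
dtrace:::END
{
        printf("\nSuccessful execs (uid, path, count):\n");
        printa("  %-6d %-48s %@d\n", @execs);
        printf("\nFailed execs (uid, path, errno, count):\n");
        printa("  %-6d %-48s %-4d %@d\n", @failed);
}
```

Run it the same way as execcalls.d, with dtrace -s execaudit.d after the sdt module is loaded, and stop it with Ctrl-C to see the summaries.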